Programming

What Makes Some Programming Languages the 'Most Dreaded'? (oreilly.com) 137

O'Reilly Media's Vice President of Content Strategy (also the coauthor of Unix Power Tools) recently explored why several popular programming languages wound up on the "most dreaded" list in StackOverflow's annual developer survey: There's no surprise that VBA is #1 disliked language. I'll admit to complete ignorance on Objective C (#2), which I've never had any reason to play with. Although I'm a Perl-hater from way back, I'm surprised that Perl is so widely disliked (#3), but some wounds never heal. It will be interesting to see what happens after Perl 7 has been out for a few years. Assembly (#4) is an acquired taste (and isn't a single language)...
But he eventually suggests that both C and Java might be on the list simply because they have millions of users, citing a quote from C++ creator Bjarne Stroustrup: "there are only two kinds of languages: the ones people complain about and the ones nobody uses." Dislike of a language may be "guilt by association": dislike of a large, antiquated codebase with minimal documentation, and an architectural style in which every bug fixed breaks something else. Therefore, it's not surprising to see languages that used to be widely used but have fallen from popularity on the list... Java has been the language people love to hate since its birth. I was at the USENIX session in which James Gosling first spoke about Java (way before 1.0), and people left the room talking about how horrible Java was — none of whom had actually used the language because it hadn't been released yet...

If there's one language on this list that's associated with gigantic projects, it's Java. And there are a lot of things to dislike about it — though a lot of them have to do with bad habits that grew up around Java, rather than the language itself. If you find yourself abusing design patterns, step back and look at what you're doing; making everything into a design pattern is a sign that you didn't understand what patterns are really for... If you start writing a FactoryFactoryFactory, stop and take a nice long walk. If you're writing a ClassWithAReallyLongNameBecauseThatsHowWeDoIt, you don't need to. Java doesn't make you do that... I've found Java easier to read and understand than most other languages, in part because it's so explicit — and most good programmers realize that they spend more time reading others' code than writing their own.

He also notes that Python only rose to #23 on the "most dreaded" languages list, speculating developers may appreciate its lack of curly braces, good libraries, and Jupyter notebooks. "Python wins the award for the most popular language to inspire minimal dislike. It's got a balanced set of features that make it ideal for small projects, and good for large ones."

"And what shall we say about JavaScript, sixteenth on the list? I've got nothing. It's a language that grew in a random and disordered way, and that programmers eventually learned could be powerful and productive... A language that's as widely used as JavaScript, and that's only 16th on the list of most dreaded languages, is certainly doing something right. But I don't have to like it."
Debian

Happy Birthday to Debian, CPAN, and Mutt (debian.org) 10

27 years ago today, in 1993, Debian first appeared in the world. August 16th has since been recognized as "DebianDay," celebrated shortly before the annual Debian Conference — with lots of ways to get involved, according to Debian.org: Today is also an opportunity for you to start or resume your contributions to Debian. For example, you can scratch your creative itch and suggest a wallpaper to be part of the artwork for the next release, have a look at the DebConf20 schedule and register to participate online (August 23rd to 29th, 2020), or put a Debian live image in a DVD or USB and give it to some person near you, who still didn't discover Debian.

Our favorite operating system is the result of all the work we do together. Thanks to everybody who has contributed in these 27 years, and happy birthday Debian!

And the same day is also the 25th anniversary of CPAN, the Comprehensive Perl Archive Network: On the 16th August 1995, Andreas König uploaded Symdump 1.20 to CPAN. There were other things already on CPAN, but this was the first true upload, to be followed by more than 6,500 people who have released over 35,000 distributions in 230k releases.

So it seems appropriate that 16th August be designated CPAN Day, to celebrate CPAN, and all the authors who've made it what it is.

That blog post urges readers to celebrate the anniversary "by doing something related to CPAN: release something, blog about your favourite module, or email its author thanking her or him."

Finally, a Slashdot reader reminds us that Mutt is also enjoying a birthday: The email client that aims to suck a little bit less celebrates its 25th anniversary!
Perl

Should Perl 7 Be Backwards Compatible? (lwn.net) 128

Long-time Slashdot reader destinyland writes: What's up with Perl 7? Perl Foundation board member Ricardo Signes tried to sum up the state of the community in a detailed post to the "Perl 5 porters" mailing list. And in a section titled "To Break or Not To Break," he writes that "The central Perl 7 question is not about version numbering, but rather about backward compatibility guarantees..." And more specifically, it's how to respond to the question of whether Perl 5 "is too constrained by backward compatibility to grow significantly in utility or rate of use." He presents three possible responses:

— Reject the premise. "There is a lot of room for forward motion without breaking changes, if we would just stop trying to change the rules and move forward."

— Accept the premise, but then "let Perl continue along its current course, becoming ever more stable as it is used by an ever-diminishing audience until it is given its rightful place in the Hall of the Honored Dead."

— Or, "figure out which constraints can, like chains, be shrugged off so we can move ahead..."

While he sees merit in all three positions, the core hope of the Perl 7 plan is choice #3. "Maybe there are kinds of backward compatibility that can be shrugged off without disrupting the vast majority of Perl users, while making the language easier to use and (very importantly) easy to *continue* to improve." And more to the point, "We aren't picking up new core developers for a bunch of reasons, but one is 'it's just too much of a slog to -do- anything.' So I am in favor of making selective breakages in order to make the language better and the implementation more workable. I think this is the core of the Perl 7 plan, and the big question is 'what are those selective breakages.'"

That section is followed by another one titled "How Shall I Break Thee?" ("The impact on existing code is a big question to be answered. Nobody is arguing that we'll attract a new set of users and developers by first alienating all the existing ones.") While there are good suggestions, right now "The plan is to come up with a plan."

And this starts with creating a document to formalize the governance model of the Perl Steering Committee as their way of pre-forming some early consensus and refining ideas before they're then put up for general discussion on the mailing list, with a project manager giving final approval to the larger community's decisions. This will then be followed by "producing a clear set of intended changes..."

"Until that happens, I just hope for a little period of calm and good faith."

Android

Google Makes Building Android Apps on Chrome OS Easier (techcrunch.com) 9

Google today launched ChromeOS.dev, a new site that aims to help developers get started with building Android apps for the company's Linux-based operating system. With today's update, Google is also making it easier to build and test Android applications on Chromebooks. From a report: The new ChromeOS.dev site, which is available in English and Spanish for now, is meant to "help developers maximize their capabilities on the platform through technical resources/tutorials, product announcements, code samples and more," a Google spokesperson told us. As Google notes in today's announcement, in the last quarter, Chromebook unit sales were up 127% year-over-year in the last quarter, compared to 40% for notebook sales in general. To help Android developers do all of their work on a Chromebook if they so desire, Google now offers the full Android Emulator on Chrome OS to test apps right on their Chromebooks. The team also made deploying apps on Chrome OS (M81 and newer) much easier. Developers can now deploy and test apps directly without having to use developer mode or connect devices via USB.
Google

Google Gives Android TV Developers Instant Apps, Speech-to-Text, and Predictive Typing (venturebeat.com) 10

An anonymous reader shares a report: Even before the pandemic, the battle to own your living room was reaching a boiling point. Now the big screen is bigger than ever as 2020 accelerates the streaming wars and raises the smart TV platform stakes. Naturally, Google is making every effort to avoid being left behind. Today the company gave Android TV developers new tools, including Google Play Instant, the Play Store in the emulator, PIN code purchases, Gboard TV, auto low latency mode, and leanback library improvements. [...] Google says Android TV now works with seven of the top 10 smart TV OEMs and over 160 TV operators. The company also added that there are now "over 80% more Android TV monthly active devices than a year ago," but didn't divulge raw numbers. Developers have built about 7,000 apps for Google Play on Android TV, to date, up from 5,000 in April 2019.
Intel

Will We Someday Write Code Just By Describing It? (zdnet.com) 158

Using millions of programs in online repositories, Intel, Georgia Tech, and MIT researchers created a tool called MISIM (Machine Inferred code Similarity) with a database of code scored by the similarity of its outcomes to suggest alternatives (and corrections) to programmers.

The hope is "to aid developers with nitty-gritty choices like 'what is the most efficient way to use this API' or 'how can I correctly validate this input'," Ryan Marcus, scientist at Intel Labs, told ZDNet. "This should give engineers a lot more time to focus on the elements of their job that actually create a real-world impact..." Justin Gottschlich, the lead for Intel's "machine programming" research team, told ZDNet that as software development becomes ever-more complex, MISIM could have a great impact on productivity. "The rate at which we're introducing senior developers is not on track to match the pace at which we're introducing new chip architectures and software complexity," he said. "With today's heterogeneous hardware — CPUs, GPUs, FPGAs, ASICs, neuromorphic and, soon, quantum chips — it will become difficult, perhaps impossible, to find developers who can correctly, efficiently, and securely program across all of that hardware."

But the long-term goal of machine programming goes even further than assisting software development as it stands today. After all, if a technology can assess intent and come up with relevant snippets of code in response, it doesn't seem far-fetched to imagine that the algorithm could one day be used by any member of the general public with a good software idea. Combined with natural language processing, for example, MISIM could in theory react to verbal clues to one day let people write programs simply by describing them. In other words, an Alexa of sorts, but for software development.

Gottschlich explained that software creation is currently limited to the 27 million people around the world who can code. It is machine programming's ultimate goal to expand that number and one day, let people express their ideas in some other fashion than code — be it natural language, visual diagrams or even gestures.

Intel currently plans to use the new tool internally.
Government

Government's PACER Fees Are Too High, Federal Circuit Says (bloomberglaw.com) 17

An anonymous reader quotes a report from Bloomberg Law: The U.S. government charges too much for access to an electronic database of federal court records, the Federal Circuit ruled in a decision curbing a revenue stream the court system uses to help fund other programs. The U.S. Court of Appeals for the Federal Circuit affirmed a lower court's decision that the government was not authorized under federal law to spend $192 million in Public Access to Court Records system fees on court technology projects. The lower court "got it just right" when it limited the government's use of PACER revenues to the costs of operating the system, the court said in a precedential opinion Thursday.

"We agree with plaintiffs and amici that the First Amendment stakes here are high," the court said. But it said it doesn't foresee the lower court's interpretation "as resulting in a level of user fees that will significantly impede public access to courts." The ruling is a win for public access to court information, as PACER fees will go down if the ruling withstands a possible government appeal. But access still won't be free, despite calls for the government to stop charging for it. The Federal Circuit said it was up to Congress to decide whether to require free access. Challengers said PACER fees were too high, while the government said the middle ground reached by the lower court made the fees too low. Fees for downloading a copy of a filing run 10 cents per page, up to $3 per document. The Administrative Office of the U.S. Courts collected more than $145 million in fees in 2014 alone, according to the complaint in the case. Under a 2020 change to the fee waiver rules, about 75% of users pay nothing each quarter.

IBM

Frances E. Allen, the First Woman To Win the Turing Award, Dies At 88 (ibm.com) 19

Frances "Fran" Allen, a pioneer in the world of computing, the first female IBM Fellow and the first woman to win the Turing Award, died on August 4, 2020, the day of her 88th birthday. IBM writes in a blog post remembering Allen: As a pioneer in compiler organization and optimization algorithms, Fran made seminal contributions to the world of computing. Her work on inter-procedural analysis and automatic parallelization continues to be on the leading edge of compiler research. She successfully reduced this science to practice through the transfer of this technology to products such as the STRETCH HARVEST Compiler, the COBOL Compiler, and the Parallel FORTRAN Product. As much as Fran will be remembered for her technical vision and her foundational work in computing, she will equally be remembered for her passion to inspire and mentor others, fostering an environment of perseverance and hard work throughout the IBM community.

Starting as a programmer, Fran's first assignment at IBM was to teach the research community FORTRAN, a new complex language IBM had announced just three months before. This was the start of Fran's career-long focus on compilers for high-performance computing. Following FORTRAN, Fran became one of three designers for IBM's Stretch-Harvest project in the late 1950's and early 1960's. As the language liaison with IBM's client, the National Security Agency (NSA), Fran helped design and build Alpha, a very high-level code breaking language which featured the ability to create new alphabets beyond the system defined alphabets.

An Experimental Compiler for IBM's Advanced Computing System (ACS) became her next project. Fran designed and built the machine-independent, language-independent optimizing component of the compiler. The result was a tool to help drive the hardware design and a new way to analyze and transform programs. This work led to Fran's seminal paper on Program Optimization, first published in 1966, describing a robust new framework for implementing program analysis and optimization as well as a powerful set of new algorithms. Fran's 1970 paper on Control Flow analysis introduced the notion of "intervals" and node dominance relations, important improvements over the control flow abstractions given in her earlier paper. Her 1972 paper, "A Catalog of Optimizing Transformations," identified and discussed many of the transformations commonly used today.

Python

InfoWorld Lists 'Four Powerful Features Python is Still Missing' (infoworld.com) 79

InfoWorld's senior writer calls Python a "living language," citing its recent addition of the "walrus operator" for in-line assignments and the newly-approved pattern matching.

"And they're only two of a slew of useful features that could be added to Python to make the language more expressive, more powerful, more suited to the modern programming world. What else might we wish for?" True constants - Python doesn't really have the concept of a constant value... [E]very time a name is used, Python goes to the trouble of looking up what object it's pointing at. This dynamism is one of the chief reasons Python runs more slowly than some other languages. Python's dynamism offers great flexibility and convenience, but it comes at the cost of runtime performance. One advantage of having true constant declarations in Python would be some reduction in the frequency of object lookups that take place during runtime, and thus better performance. If the runtime knows ahead of time that a given value never changes, it doesn't have to look up its bindings...

True overloading and generics - In many languages, multiple versions of the same function can be written to work with different kinds of input... PEP 3124, advanced in April 2007, proposed a mechanism for decorating functions to indicate they could be overloaded. The proposal was deferred rather than being rejected outright — meaning the idea was fundamentally sound, but the time wasn't right to implement it. One factor that might speed the adoption of overloading in Python — or cause the idea to be ditched entirely — is the implementation of the newly proposed pattern matching system.

In theory, pattern matching could be used under the hood to handle overload dispatch. However, pattern matching could also be given as a rationale for not implementing generics in Python, since it already provides an elegant way to dispatch operations based on type signatures. So we might get true overloading in Python one day, or its advantages might be superseded by other mechanisms.

The article lists two more features Python "probably won't get" — starting with multiline lambdas (anonymous functions). Guido van Rossum had argued in 2006 he couldn't find an acceptable syntax, and the article argues "there is probably no way to do it that doesn't involve creating a special case." And it argues the final missing feature is tail recursion optimizations, "where functions that call themselves don't create new stack frames in the application, and thus risk blowing up the stack if they run for too long.

"Python doesn't do this, and in fact its creators have consistently come out against doing so."
Java

Python Overtakes Java in New Language Popularity Ranking, As Rust Reaches Top 20 (zdnet.com) 91

"Programming language Python is now firmly the second most popular programming language, for the first time knocking Java out of the top two places in RedMonk's language popularity rankings," reports ZDNet: It's the first time since 2012 that Java is not one of the top two most popular languages in the developer analyst firm's programming language popularity list. The company's previous rankings in March placed machine-learning propelled Python in a tie for second place with Java, behind JavaScript.

RedMonk's influential programming popularity rankings are based on GitHub and Stack Overflow data. The company combines them "for a ranking that attempts to reflect both code (GitHub) and discussion (Stack Overflow) traction", says RedMonk analyst Stephen O'Grady, who notes "all numerical rankings should be taken with a grain of salt....

"Python is the first non-Java or JavaScript language ever to place in the top two of these rankings by itself, and would not have been the obvious choice for that distinction in years past," O'Grady notes, comparing it to Perl in its heyday because it has become a "language of first resort" and the "glue" for thousands of small projects, while enjoying high adoption in growing categories such as data science...

Five-year-old systems-programming language Rust, created by Mozilla, has hit a more positive milestone, for the first time becoming the 20th most popular language in RedMonk's rankings.

Last week IEEE Spectrum also declared Python "dominated" their assessment of language popularity (compiled from 11 different online metrics), followed by Java and C (and then C++ and JavaScript).
Programming

Is It Possible to Implement Faster Binary Searches? (github.com) 98

Last week Slashdot reader scandum described the search for the most efficient sorting algorithm.

Now he's back, touting a new implementation for binary searches (using the same GitHub repo, and written in 15 to 30 lines of C code) that he says may be "up to 40%" faster for 32-bit integers. ("Keep in mind performance will vary depending on hardware and compiler optimizations.") The most commonly used binary search variant was first published by Hermann Bottenbruch in 1962 and hasn't notably changed since. Binary searches are one of the cornerstones of computer science...

The reason the algorithms are faster appears to be a combination of simpler calculations, branch prediction, and a reduction in cache misses.

The Almighty Buck

Apple Does Not Keep the 30% Commission On a Refund [Update] 60

When a customer gets refunded for an app they purchased, Apple doesn't refund the 30% cut they took from the developer, says developer Simeon Saens of Two Lives Left. While [online] payment processors generally don't refund fees on refunded payments, "the App Store doesn't position itself as a payments processor the way Stripe does, so it sounds really weird that they would act like one," writes HN user chadlavi. Epic Games CEO Tim Sweeney says in a tweet: This is a critical consideration in these 30% store fees. They come off the top, before funding any developer costs. As a result, Apple and Google make more profit from most developers' games than the developers themselves. That is terribly unfair and exploitative. "If the app store took a 3% chunk and never refunded it regardless of the ongoing status of the transaction, that would put them right in line with other payment processors," adds chadlavi. "It would also still net them billions of dollars, I think!"

UPDATE: In a follow-up tweet, Simeon says he "was mistaken in my original (now deleted) tweet." He adds: "Apple does not keep the 30% commission on a refund; the refund happens as you'd expect. I don't know where I got the idea that it worked the way I thought it did."

Slashdot reader ravenscar did some digging in the Apple developer forums and found that "Apple has the right to keep its 30%... [but] rarely exercises this right and most developers see a 1 to 1 relationship on funds received vs funds refunded in these situations." They go on to say: "I can't find any cited examples of Apple keeping the commission."
The Internet

Cloudflare Launches Workers Unbound, the Next Evolution of Its Serverless Platform (techcrunch.com) 32

Cloudflare today announced the private beta launch of Workers Unbound, the latest step in its efforts to offer a serverless platform that can compete with the likes of AWS Lambda. TechCrunch reports: The company first launched its Workers edge computing platform in late 2017. Today it has "hundreds of thousands of developers" who use it, and in the last quarter alone, more than 20,000 developers built applications based on the service, according to the company. Cloudflare also uses Workers to power many of its own services, but the first iteration of the platform had quite a few limitations. The idea behind Workers Unbound is to do away with most of those and turn it into a platform that can compete with the likes of AWS, Microsoft and Google. Cloudflare aims to expose to third-party developers all of the services it builds for its internal consumption. The original Workers service will continue to operate (but under the Workers Bundled moniker) and essentially become Cloudflare's serverless platform for basic workloads that only run for a very short time. Workers Unbound -- as the name implies -- is meant for more complex and longer-running processes.

When it first launched Workers, the company said that its killer feature was speed. Today, [CEO Matthew Prince] argues that speed obviously remains an important feature -- and Cloudflare Workers Unbound promises that it essentially does away with cold-start latencies. But developers also adopted the platform because of its ability to scale and its price. Indeed, Workers Unbound, Cloudflare argues, is now significantly more affordable than similar offerings. "For the same workload, Cloudflare Workers Unbound can be 75 percent less expensive than AWS Lambda, 24 percent less expensive than Microsoft Azure Functions, and 52 percent less expensive than Google Cloud Functions," the company says in today's press release.

Another feature Prince highlighted is regulatory compliance. "I think the thing we're realizing as we talk to our largest enterprise customers is that for real companies -- not just the individual developer hacking away at home -- but for real businesses in financial services or anyone who has to deal with a regulated industry, the only thing that trumps ease of use is regulatory compliance, which is not sexy or interesting or anything else but like if your GC says you can't use XYZ platform, then you don't use XYZ platform and that's the end of the story," Prince noted. Speed, though, is of course something developers will always care about. Prince stressed that the team was quite happy with the 5ms cold-start times of the original Workers platform. The way the team engineered this is by queuing up the process while the two servers are still negotiating their TLS handshake. Cloudflare also argues that developers can update their code and have it go live globally within 15 seconds. Another area the team worked on was making it easier to use the service in general. Among the key new features here is support for languages like Python and a new SDK that will allow developers to add support for their favorite languages, too.

Python

Python 'Dominates' IEEE Spectrum's 2020 List of Top Programming Languages (ieee.org) 155

IEEE Spectrum's August issue will include an article titled "The Top Programming Languages."

Calculated using metrics from 11 online sources, it concludes that "One thing remains constant: the dominance of Python." Our default ranking is weighted toward the interests of an IEEE member, and looking at the top entries, we see that Python has held onto its comfortable lead, with Java and C once again coming in second and third place, respectively. Arduino has seen a big jump, rising from 11th place to seventh. (Purists may argue that Arduino is not a language but rather a hardware platform that is programmed using a derivative of Wiring, which itself is derived from C/C++. But we have always taken a very pragmatic approach to our definition of "programming language," and the reality is that when people are looking to use an Arduino-compatible microcontroller, they typically search for "Arduino code" or buy books about "Arduino programming," not "Wiring code" or "C programming.")

One interpretation of Python's high ranking is that its metrics are inflated by its increasing use as a teaching language: Students are simply asking and searching for the answers to the same elementary questions over and over. There's an historical parallel here. In the 1980s, BASIC was very visible... But few professional programmers used it, and when the home computer bubble burst, so did BASIC's, although some advanced descendants like Microsoft Visual Basic are still relatively popular professionally.

There are two counterarguments, though: The first is that students are people, too! If we pay attention only to what professional and expert coders do, we're at risk of missing an important part of the picture. The second is that, unlike BASIC, Python is frequently used professionally and in high-profile realms, such as machine learning, thanks to its enormous collection of high quality, specialized libraries.

C++ came in fourth, followed by JavaScript, R, "Arduino," Go, Swift, and Matlab.

But because different programmers have different needs, they've also created a special interactive version of their rankings online, "allowing you to weight the metrics as you see fit..."
Databases

'Meow' Attack Has Now Wiped Nearly 4,000 Databases (arstechnica.com) 54

On Thursday long-time Slashdot reader PuceBaboon wrote: Ars Technica is reporting a new attack on unprotected databases which, to date, has deleted all content from over 1,000 ElasticSearch and MongoDB databases across the 'net, leaving the calling-card "meow" in its place.

Most people are likely to find this a lot less amusing than a kitty video, so if you have a database instance on a cloud machine, now would be a good time to verify that it is password protected by something other than the default, install password...

From the article: The attack first came to the attention of researcher Bob Diachenko on Tuesday, when he discovered a database that stored user details of the UFO VPN had been destroyed. UFO VPN had already been in the news that day because the world-readable database exposed a wealth of sensitive user information... Besides amounting to a serious privacy breach, the database was at odds with the Hong Kong-based UFO's promise to keep no logs. The VPN provider responded by moving the database to a different location but once again failed to secure it properly. Shortly after, the Meow attack wiped it out.

"Attacks have continued and are getting closer to 4,000," reports Bleeping Computer. "A new search on Saturday using Shodan shows that more than 3,800 databases have entry names matching a 'meow' attack. More than 97% of them are Elastic and MongoDB."
Programming

Is There a Sorting Algorithm Faster than Quicksort and Timsort? (github.com) 130

When asked for the most efficient way to sort a million 32-bit integers in 2008, then-presidential candidate Barack Obama answered, "I think the bubble sort would be the wrong way to go."

But people are still searching for the best possible sorting algorithms, explains Slashdot reader scandum: Long has the conviction been held that quicksort is faster than merge sort. Timsort (derived from merge sort and insertion sort) was introduced in 2002 and while slower than quicksort for random data, Timsort performs better on ordered data.

Quadsort (derived from merge sort) was introduced in 2020 and is faster than quicksort for random data, and slightly faster than Timsort on ordered data.

Also of note is the significant performance difference on small arrays: quadsort is on average two times faster than Timsort on data sets between 10 and 1000 elements. Quadsort achieves this performance through several optimizations spread out over 1500 lines of code that get the maximum performance out of merge sort.

Quadsort's GitHub page explains: After the first round of sorting a single if check determines if the four swap variables are sorted in order, if that's the case the swap finishes up immediately. Next it checks if the swap variables are sorted in reverse-order, if that's the case the sort finishes up immediately. If both checks fail...two checks remain to determine the final order.
Privacy

Security Breach Exposes More Than One Million DNA Profiles On Major Genealogy Database (buzzfeednews.com) 28

An anonymous reader quotes a report from BuzzFeed News: On July 19, genealogy enthusiasts who use the website GEDmatch to upload their DNA information and find relatives to fill in their family trees got an unpleasant surprise. Suddenly, more than a million DNA profiles that had been hidden from cops using the site to find partial matches to crime scene DNA were available for police to search. The news has undermined efforts by Verogen, the forensic genetics company that purchased GEDmatch last December, to convince users that it would protect their privacy while pursuing a business based on using genetic genealogy to help solve violent crimes.

A second alarm came on July 21, when MyHeritage, a genealogy website based in Israel, announced that some of its users had been subjected to a phishing attack to obtain their log-in details for the site -- apparently targeting email addresses obtained in the attack on GEDmatch just two days before. In a statement emailed to BuzzFeed News and posted on Facebook, Verogen explained that the sudden unmasking of GEDmatch profiles that were supposed to be hidden from law enforcement was "orchestrated through a sophisticated attack on one of our servers via an existing user account." "As a result of this breach, all user permissions were reset, making all profiles visible to all users. This was the case for approximately 3 hours," the statement said. "During this time, users who did not opt in for law enforcement matching were available for law enforcement matching and, conversely, all law enforcement profiles were made visible to GEDmatch users." It's unclear whether any unauthorized profiles were searched by law enforcement.

IOS

Apple Will Start Sending Special Devices To iPhone Hackers (vice.com) 13

Apple has announced that it will send special devices that make it easier to find flaws and vulnerabilities in its mobile operating system iOS to iPhone hackers that apply and qualify for a program the company announced last year. From a report: The program might make some hackers less likely to engage in the underground market for stolen prototype iPhones hackers currently use to research iPhone security, and encourage them to share their findings with Apple. In a new website published on Wednesday, Apple wrote that the program "features an iPhone dedicated exclusively to security research, with unique code execution and containment policies." It's called the Security Research Device Program. Security researchers can apply for it starting today and Apple told Motherboard that if they qualify they will receive the devices soon. Apple doesn't have a goal in terms of how many of these devices it wants to send out, and all you need to qualify is having a public track record of security research, not only on iPhone but also on other popular devices and software like Android phones, Windows, or Linux.
Apple

Apple Hires Economists To Help Prove Its App Store Commissions Aren't Anti-Competitive (cnet.com) 59

Ahead of an antitrust hearing on Capitol Hill next week, Apple is fighting back against the perception that its App Store charges onerous commission rates to developers by hiring economists from the firm Analysis Group, who said the tech giant's fees were similar to competitors. From a report: The research, published Wednesday, collected commission rates reported on or disclosed by app stores from Amazon, Google, Microsoft, Samsung and others. The company's economists also studied ticket resale marketplaces, game stores and ride-hailing apps. Overall, the economists said the commissions charged were similar, though stores generally offered different features for consumers and developers. "The commission rates charged by digital marketplaces most similar to the App Store, such as other app stores and video game digital marketplaces, are generally around 30%," the economists wrote in the study [PDF]. The economists also broadly defended these commission rates, saying this system "lower the barriers to entry for small sellers and developers by minimizing upfront payments, and reinforce the marketplace's incentive to promote matches that generate high long-term value." The economists didn't look into whether the fees stifle innovation or are fair, concerns developers have raised.
Encryption

Rare and Hardest To Crack Enigma Code Machine Sells For $437,000 (zdnet.com) 46

An anonymous reader writes: A rare 1944 four-rotor M4 Enigma cipher machine, considered one of the hardest challenges for the Allies to decrypt, has sold at a Christie's auction for $437,955. As noted by Christie's, the M4 Enigma has a special place in computing history as the Allied efforts to break its encryption led to the development of the first programmable computer, the one developed at Bletchley Park that was used to secretly break the M4, giving Allied forces visibility into German naval planning during the Battle of the Atlantic until its surrender in mid-1945.

The M4 Enigmas are considered rare because they were made in smaller numbers than three-rotor machines. After Germany capitulated, the country ordered troops to destroy remaining Enigmas in order to keep them from Allied forces. After the war Winston Churchill also ordered all remaining Enigmas destroyed to help preserve the secret of Allied decoding successes at Bletchley. The M4 Enigmas were made on the order of Admiral Karl Donitz, the commander of the German U-boat fleet, who had concerns over repeated Allied successes against his submarines. The M4 became available to the U-boat fleet in May 1941, preventing Allies from knowing where Germany's U-boats were positioned for almost a year until Turing and Joe Desch in Dayton, Ohio developed the computer that broke M4 encryption to decipher German messages. By mid-1943 the majority of M4 Enigma messages were being read by the Allies, but it was not until the 1970s that knowledge of the Allied successes against the Enigma was made public.
"Rival auction house Sotheby's sold an M4 Enigma last year for $800,000, which may have reached a higher selling price because it was one of 15 Enigma machines found in a bunker at Germany's key Northern European naval base in Trondheim, Norway, which Germany had occupied since 1940," adds ZDNet.
Programming

Are Whiteboard Coding Interviews Just Testing For Social Anxiety? (theregister.com) 196

An anonymous reader quotes The Register: People applying for software engineering positions at companies are often asked to solve problems on a whiteboard, under the watchful eye of an interviewer, as a way to assess technical problem solving skills. But recent research suggests that whiteboard technical tests — so daunting to job seekers that there are books on how to deal with them — often fail to assess technical skill, according to new research. Instead, they're all about pressure.

In a paper to be presented later this year at the ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, researchers from North Carolina State University and Microsoft in the U.S. argue that whiteboard sessions test for stage fright rather than, y'know, coding competency... "A technical interview has an uncanny resemblance to the Trier Social Stress Test, a procedure used for decades by psychologists and is the best known 'gold standard' procedure for the sole purpose of reliably inducing stress." As a consequence, whiteboard interviews may fail to assess coder competency. Rather, the researchers argue, they measure how well job candidates handle anxiety....

In essence, social anxiety took otherwise qualified job candidates out of the running because of the circumstances of the interview.

Programming

'Will 2020 Be The Year Of Rust In The Linux Kernel?' (hackaday.com) 95

An intriguing exchange happened on the Linux Kernel Mailing List after a post by Nick Desaulniers, a Google software engineer working on compiling the Linux Kernel with Clang (and LLVM). Hackaday reports: Nick simply tested the waters for a possible future of Rust within the Linux kernel code base, which is something he's planning to bring up for discussion in this year's Linux Plumbers Conference — the annual kernel developer gathering. [Desaulniers thinks that discussion will include "a larger question of 'should we do this?' or 'how might we place limits on where this can be used?'"]

The interesting part is Linus Torvalds's response on the LKML thread, which leaves everyone hoping for a hearty signature Rust rant akin to his C++ one disappointed. Instead, his main concern is that a soft and optional introduction of the support in the build system would leave possible bugs hidden, and therefore should be automatically enabled if a Rust compiler is present — essentially implying that he seems otherwise on board.

Linus also touched on Rust earlier this month in his keynote interview with Dirk Hohndel, the chief open source officer at VMware, during the special virtual edition of the Linux Foundation's annual Open Source Summit and Embedded Linux Conference North America:

Dirk Hohndel: Every new project is done in Go or Rust or another new language I've never heard of. Is there a risk that we are becoming the COBOL programmers of the 2030s?

Linus Torvalds: Well, I don't actually think it's true that nobody writes in C any more. I think C is still one of the top 10 languages easily, if you look at any of the statistics.

That said — I mean, people are actively looking at, especially doing drivers and things that are not very central to the kernel itself, and having interfaces to do those, for example, in Rust. People have been looking at that for years now. I'm convinced it's going to happen one day.

I mean, it might not be Rust, but it is going to happen that we will have different models for writing these kinds of things. And C won't be the only one. I mean right now, it's C or assembly, and most people would rather not touch the assembly parts. [Dirk laughs] But it is something that people are looking at. I'm probably the wrong person. Greg has been more involved, since he's the driver maintainer in general. But things are afoot, and these things take a long, long time. I mean, the kind of infrastructure you need to start integrating other languages into a kernel, and making people trust these other languages — that's a big step.

Security

VPN With 'Strict No-Logs Policy' Exposed Millions of User Log Files (betanews.com) 86

New submitter kimmmos shares a report from BetaNews: An unprotected database belonging to the VPN service UFO VPN was exposed online for more than two weeks. Contained within the database were more than 20 million logs including user passwords stored in plain text. Users of both UFO VPN free and paid services are affected by the data breach which was discovered by the security research team at Comparitech. Despite the Hong Kong-based VPN provider claiming to have a "strict no-logs policy" and that any data collected is anonymized, Comparitech says that "based on the contents of the database, users' information does not appear to be anonymous at all." A total of 894GB of data was exposed, and the API access records and user logs included: Account passwords in plain text; VPN session secrets and tokens; IP addresses of both user devices and the VPN servers they connected to; Connection timestamps; Geo-tags; Device and OS characteristics; and URLs that appear to be domains from which advertisements are injected into free users' web browsers. Comparitech notes that this runs counter to UFO VPN's privacy policy.
Data Storage

GitHub Buries Giant Open-Source Archive In An Arctic Vault (zdnet.com) 44

Microsoft-owned GitHub has finally moved its snapshot of all active public repositories on the site to a vault in Norway. ZDNet reports: GitHub announced the archiving plan last November and on February 20 followed through with the 21 terabyte snapshot written to 186 reels of film. GitHub cancelled plans for a team to "personally escort the world's open-source code to the Arctic" due to the coronavirus pandemic, leaving the job to local partners who received the boxed films and deposited them in an old coal mine on July 8. The archive is being stored in Svalbard, Norway, a group of islands that's also home to the global seed bank.

"The code landed in Longyearbyen, a town of a few thousand people on Svalbard, where our boxes were met by a local logistics company and taken into intermediate secure storage overnight," said Julia Metcalf, director of strategic programs at GitHub. "The next morning, it traveled to the decommissioned coal mine set in the mountain, and then to a chamber deep inside hundreds of meters of permafrost, where the code now resides fulfilling their mission of preserving the world's open-source code for over 1,000 years." The repository includes public code repositories and significant dormant repos. The snapshot consists of the HEAD of the default branch of each repository, minus any binaries larger than 100kB in size. Each repository is then packaged as a single TAR file, and for efficiency's sake, most of the data will be stored as QR codes. A human-readable index and guide will itemize the location of each repository and explain how to recover the data.

Encryption

Enigma Code-Breaking Machine Rebuilt At Cambridge (techxplore.com) 34

Cambridge Engineering alumnus Hal Evans has built a fully-functioning replica of a 1930s Polish cyclometer -- an electromechanical cryptologic device that was designed to assist in the decryption of German Enigma ciphertext. The replica currently resides in King's College, Cambridge. TechXplore reports: Work on the hardware-based replica began in 2018, as part of Hal's fourth year Master's project under the supervision of King's College Fellow and Senior Tutor Dr. Tim Flack. The aim was to investigate further into cryptologist Marian Rejewski's cyclometer -- an early forerunner to Cambridge University mathematician Alan Turing's machine, known as the Bombe, which was used to crack the German Enigma code during the Second World War. Hal said he chose to work on the cyclometer as it was the very first machine used to assist the decryption effort. To his knowledge, the replica is the first fully-functioning hardware-based electromechanical cyclometer to exist since the years preceding the Second World War. The original machines would have been destroyed in 1939 to prevent them from falling into the hands of German invaders.

Rejewski's cyclometer exploited the Germans' procedure at the time of double encipherment of the Enigma message key, and semi-automated the process for calculating what were known as 'characteristics' for every possible Enigma rotor starting position. There were more than 100,000 of these rotor starting positions, and they each needed their characteristic to be calculated and catalogued in a card index system. The cyclometer therefore eliminated the arduous task of calculating these characteristics by hand. The machine consisted of, in effect, two interlinked Enigma systems side-by-side -- one offset by three positions relative to the other -- and 26 lamps and switches to cover the alphabet. On operation, a certain number of bulbs illuminated, indicating the lengths of the characteristics. These were recorded for every single possible rotor starting position to create an immense look-up catalogue. Once this was completed, obtaining the daily Enigma rotor starting settings to decode messages was a simple matter of intercepting enough messages and referencing the catalogue, taking only a matter of minutes.

PHP

Microsoft Announces It Won't Be the Ones Building PHP 8.0 for Windows (bleepingcomputer.com) 67

Today I learned that Microsoft "has been providing support for the development and building of the PHP programming language on Windows," according to Bleeping Computer. "This support includes developing security patches for PHP and creating native Windows builds."

But that's going to change: Microsoft has announced that it will not offer support in 'any capacity' for PHP for Windows 8.0 when it is released... To add some clarity to Microsoft PHP Windows Lead Dale Hirt's post, PHP Release Manager Sara Golemon posted to Reddit explaining that this does not mean PHP 8.0 will not be supported in Windows. It just means that Microsoft will not be the one building and supporting it. "For some possibly missing context, Microsoft runs https://windows.php.net and produces all the official builds of PHP for Windows... This message means Microsoft aren't going to produce official builds for PHP 8 onwards. This message does NOT mean that nobody will."

Microsoft has not stated why they will no longer support PHP 8.0, but it could be due to the extensive PHP support already existing in the Windows Subsystem for Linux (WSL). Microsoft has been actively developing WSL, which allows users to install various Linux distributions that run directly in Windows 10.

As these distributions already support PHP 7.4 and will support PHP 8.0 when released, Microsoft may see it as unnecessary to continue supporting a native PHP build in Windows.

Programming

TIOBE's Surprisingly Popular Programming Languages: R, Go, Perl, Scratch, Rust, and Visual Basic 6 (techrepublic.com) 101

The R programming language is experiencing a surge in popularity "in the slipstream of Python," according to this month's TIOBE index, leaping into the top ten.

"For historical context, we wrote of R's spot in TIOBE nearly two years ago, and it had just made the leap from #50 to #39," writes programming columnist Mike Melanson.

ZDNet writes: In May, when R crashed out of the top 20 for the first time in three years, Tiobe speculated that the language could be a victim of consolidation in statistical programming, with more developers in the field gravitating towards Python.
But there's been a lot of motion since then, Tech Republic reports: R rose one space to eighth place in July, but its comparison to 2019 is where the real surprise lies: It was in 20th place at the same time last year. TIOBE CEO Paul Jansen cites two reasons why R may be increasing in popularity:

- Universities and research institutes have moved away from commercial statistical languages like SAS and Stata in favor of open source languages Python and R.

- The increase in analytics being used to search for a COVID-19 vaccine....

The largest gainers in popularity between July 2019 and July 2020 are Go, which jumped from 16th to 12th place, Perl, jumping from No. 19 to No. 14, Scratch, jumping from No. 30 to No. 17, Rust, which moved from No. 33 to No. 18, and PL/SQL, which moved from No. 23 to No. 19.

Ruby fell the most, moving from 11th place to 16th, while SQL, MATLAB, and Assembly Language also slipped down the list.

ZDNet adds that "Besides R's upwards shift, Tiobe's July index doesn't show much movement in the popularity of the top languages. The top 10 in descending order are C, Java, Python, C++, C#, Visual Basic, JavaScript, R, PHP and Swift."

Visual Studio magazine argues that the biggest surprise may be that the 29-year-old language classic Visual Basic is still in the top 20 — since its last stable release was 22 years ago, and by 2008 it was finally retired by Microsoft. "VB6 just refuses to go away, achieving cult-like status among a group of hard-core supporters."
Programming

Rust Programming Language To Use 'Allowlist' in Place of 'Whitelist' (github.com) 249

"Other terms are more inclusive and precise," reads a merged Pull request for the Rust programming language titled "Avoid 'whitelist'."

"This doesn't look like it affects any 'user visible' flags or anything like that," core developer Niko Matsakis had pointed out in a comment on the pull request, asking "It's purely internal...?"

The pull request has since been merged.
Education

Apple To Teach Teachers To Teach Coding For Free 96

theodp writes: From the Home Office in Cupertino: "Apple today announced a new set of tools to help educators teach coding to students from grade school to college. In addition to significant enhancements to the Develop in Swift and Everyone Can Code curricula, Apple is also starting a new professional learning course for Develop in Swift, available to educators at no cost. The course is designed to supplement the need for computer science educators in the US, and helps instructors of all skill levels build foundational knowledge to teach app development with Swift. In addition, with many institutions operating remotely, Apple is adding resources for educators and parents to help ensure they have the tools they need to help students learn and grow from anywhere. [...] To support parents with kids learning to code at home, Apple is adding a new guide to its set of remote learning resources. 'A Quick Start to Code' is now available and features 10 coding challenges designed for learners ages 10 and up, on iPad or Mac. [...] In 2016, Apple launched Everyone Can Code, a comprehensive program and curriculum to help students of all abilities, from kindergarten to college, learn coding to solve problems and prepare them for the workforce. Develop in Swift was released in 2019, and today more than 9,000 K-12 and higher education institutions worldwide are using the Everyone Can Code and Develop in Swift curricula from Apple."

Back in 2018, Apple CEO Tim Cook claimed that most students shunned programming before Apple introduced Swift "because coding languages were 'too geeky.'" As Apple introduced Swift in 2016, Cook called for requiring all children to start coding in 4th grade (9-10 years old), which Cook reiterated to President Trump in a 2017 White House meeting with tech titans.
Google

A Moment of Clarity Regarding the Raison d'Etre for the App Store (daringfireball.net) 84

John Gruber, writing at DaringFireball: Feel free to file Google's release this week of an update to their iPad Gmail app with support for split-screen multitasking under "better late than never," but this is so late it borders on the absurd. It's like the difference between showing up fashionably late and showing up a week after the party. Split-screen multitasking was introduced for the iPad back in 2015 with iOS 9. Five years to add support for a foundational element of the iPad user experience. And an email client is near the top of the list of the type of apps where someone would want to use split-screen. Five years. Google makes a lot of software with terrible user experiences for users who have poor taste. Their iOS software, in particular, has for the most part never suggested that it was designed by people who like -- or even use -- iOS. It's the blind leading the blind. But yet the Gmail app is currently the number one free app in the Productivity category in the App Store.

On the surface, it's tempting to blow this off. To each their own. Whatever floats their boat. Who cares if millions of iPad users are satisfied using an email client that is a poor iPad app, so long as actual good iPad email clients are available to those who do care? But what about those stuck using the Gmail app not because they want to, but because they have to? Who can help them but Apple? I worry that it's not tenable in the long run to expect Apple to continue striving to create well-crafted -- let alone insanely great -- software when so many of its users not only settle for, but perhaps even prefer, software that is, to put it kindly, garbage. There have always been popular Mac and iPhone apps that are objectively terrible apps -- where by "popular" I mean much-used, not much-loved. But what made Apple users Apple users is that they complained vociferously if they had to use a terrible app. Word 6 was a sack of dog shit Microsoft dropped off and set aflame on Mac users' porch, but we all knew it was a flaming bag of dog shit, and even those of us who didn't even use Word were angry about it because it was an insult.

I worry that this sort of "Who cares, it's better than nothing" attitude has seeped into Apple itself, and explains how we wound up with barely modified iPad apps shipping as system apps on the Mac. But more than anything I worry that this exemplifies where Apple has lost its way with the App Store. What exactly is the point of running a strict approval process for apps if not, first and foremost, to ensure that they're good apps? An iPad email app that doesn't support split-screen multitasking for five years is, by definition, not a good app. I'd like to see all the vim, vigor, and vigilance Apple applies to making sure no app on the App Store is making a dime without Apple getting three cents applied instead to making sure there aren't any scams or ripoffs, and that popular apps support good-citizen-of-the-platform features within a reasonable amount of time after those features are introduced in the OS. I don't know exactly how long "reasonable" is, but five fucking years for split-screen support ain't it.

Microsoft

Microsoft Brings Android OS Development for Surface Duo In-house With Movial Acquisition (windowscentral.com) 8

Microsoft is forming a team internally under the Microsoft Devices division that will handle the development of the Android OS for Surface Duo going forward. Windows Central: According to my sources, up until now, Microsoft had contracted the OS work out to third-party vendors such as Movial, who had the expertise required to bring Android to life on Surface Duo. Movial is a software, services, and design engineering company that was working closely with Microsoft on Surface Duo during its prototype and development stages. Microsoft has now acquired the local operations of Movial in Romania, Taiwan, and the USA, and is bringing on-board all the Movial employees that were working on the Surface Duo as full-time employees at Microsoft.

Microsoft is not acquiring Movial as a whole. Movial will continue to operate as a standalone company, with employees at its headquarters in Finland remaining at Movial. SeeNews reports that Movial's Iasi office will become Microsoft Romania's fourth research and development center, as it on-boards 60 employees from Movial in that location.

Programming

Billionaire-Backed Code.org Received $1-2 Million Federal PPP Loan 50

theodp writes: Code.org's $10+ million "Diamond" supporters include Microsoft, Facebook, Amazon, and Infosys. Its $3+ million "Platinum" supporters include Google, the Gates Foundation, and the Ballmer Group. And its $1+ million "Gold" supporters include Jeff Bezos and Bill Gates, the world's two richest men. So, it was somewhat surprising to see the nonprofit -- which is dedicated to pushing CS into K-12 classrooms -- pop up on the list of Seattle-area tech companies that received a PPP loan from the federal government. According to Paycheck Protection Program data released by the SBA and Treasury, Code.org was approved on April 15th for a loan between $1-2 million to retain 81 jobs due to the pandemic. Khan Academy, another pet nonprofit of Gates and other billionaires, received approval for a $2-5 million PPP loan to retain 185 jobs.
Businesses

Amazon Stops Selling 'Active Content' Games in Kindle Reader's Store (the-digital-reader.com) 27

Once upon a time, you could play Scrabble on your black-and-white Kindle readers. Or chess or sudoku, or even solve New York Times Crossword Puzzles. Amazon's Kindle Store had included 500 slick Java-based "Active Content" downloads...

Electronic Arts even produced Kindle-specific versions of Monopoly, Yahtzee, and Battleship, while Amazon created original games with titles like Every Word and Pirate Stash — and even a choose-your-own-adventure game named Dusk World.

Amazon soon moved into color touchscreen tablets, where there are many more games to choose from. But while any old downloaded "Active Content" will still work on their black-and-white Kindle readers, Amazon has now stopped selling it in its Kindle Store, reports The Digital Reader: The feature launched in 2010/2011, and was essentially abandoned by 2014 when Amazon launched the Kindle Voyage. Amazon decided to not support Active Content on its then newest ereader. Later Kindle models also lacked support for Active Content, and that meant it was only a matter of time before Amazon also removed the section from the Kindle Store.

And now one of the last remaining holdovers from that crazy time when ebooks were new is now gone.

There was a time, back in the early ebook era, when everyone was throwing really cool ideas up against the wall to see what stuck. Enhanced ebooks, for example, got tried a dozen times in around 7 years, and failed to find a market every time. Augmented reality ebooks were also tried several times, and for the most part failed because the tech wasn't there (AR was always going to be a niche product, but its time will come). Digital textbooks were tried and failed several times because students could see they didn't make economic sense, but then publishers found a way to force them down students' throats (site licenses)...

And now Kindle Active Content is joining all the other formerly great ideas in the ebook graveyard.

Open Source

Linus Torvalds: 'I Do No Coding Any More' (youtube.com) 63

The Linux Foundation recently uploaded its video from the Open Source Summit and Embedded Linux Conference: Europe. And there was a poignant moment when Linus Torvalds did his traditional keynote conversation with Dirk Hohndel, VMware's vice president and chief open source officer.

Hohndel had asked Linus — his hair now uncharacteristically long — what he spends his time on as a kernel maintainer. What's his workflow? "What do you do?"

Linus Torvalds: Um, I read email. [Hohndel laughs] I read email, I write email, I do no coding at all any more.

Most of the code I write, I actually write inside my mail reader. So somebody sends me a patch, or more commonly they send me a pull request or there's a discussion about the next pull request, and there's something I react to and say, 'No, this is fine, but...' And I send out pseudocode, or — I'm so used to sending out patches that I sometimes edit patches and send out the patch without having ever compiled it, ever tested it, because I literally wrote it in the mail reader, and saying 'I think this is how it should be done.' But this is what I do. I'm not a programmer any more.

I read a lot more email than I write, because what my job really is — in the end, my job is to say no. Somebody has to be able to say no to people. Because other developers know that if they do something bad, I will say no. They hopefully, in turn, are more careful. But in order to be able to say no, I have to know the background. Because otherwise I can't do my job. So I spend all my time, basically, reading email about what people are working on... It is an interesting job, but you do end up spending most of your time reading email.

On the developer side, what I hope people are doing is trying to make, not just good code, but these days we've been very good about having explanations for the code. So commit messages to me are almost as important as the code change itself. Sometimes the code change is so obvious that no message is really required, but that is very very rare. And so one of the things I hope developers are thinking about, the people who are actually writing code, is not just the code itself, but explaining why the code does something, and why some change was needed. Because that then in turn helps the managerial side of the equation, where if you can explain your code to me, I will trust the code...

A lot of open source in general is about communication. And part of it is the commit messages, part of it is just the email going back and forth. Communicating what you're trying to do or communicating why something doesn't work for you is really important.

Programming

JPMorgan Drops Terms 'Master,' 'Slave' From Internal Tech Code and Materials (reuters.com) 285

JPMorgan Chase is eliminating terms like "blacklist," "master" and "slave" from its internal technology materials and code as it seeks to address racism within the company, said two sources with knowledge of the move. Reuters reports: The terms had appeared in some of the bank's technology policies, standards and control procedures, as well as in the programming code that runs some of its processes, one of the sources said. The phrases "master" and "slave" code or drive are used in some programming languages and computer hardware to describe one part of a device or process that controls another. "Blacklist" is used to describe items that are automatically denied, like a list of websites forbidden by a company's cybersecurity division. "Whitelist" means the opposite - a list of items automatically approved. While JPMorgan appears to be the first in the financial sector to remove most references to these racially problematic phrases, they're not the only company to do so. GitHub, Google, and Twitter are a few others who have made similar moves recently.

The Internet

MIT Removes Huge Dataset That Teaches AI Systems To Use Racist, Misogynistic Slurs (theregister.com) 62

An anonymous reader quotes a report from The Register: MIT has taken offline its highly cited dataset that trained AI systems to potentially describe people using racist, misogynistic, and other problematic terms. The database was removed this week after The Register alerted the American super-college. MIT also urged researchers and developers to stop using the training library, and to delete any copies. "We sincerely apologize," a professor told us. The training set, built by the university, has been used to teach machine-learning models to automatically identify and list the people and objects depicted in still images. For example, if you show one of these systems a photo of a park, it might tell you about the children, adults, pets, picnic spreads, grass, and trees present in the snap. Thanks to MIT's cavalier approach when assembling its training set, though, these systems may also label women as whores or bitches, and Black and Asian people with derogatory language. The database also contained close-up pictures of female genitalia labeled with the C-word. Applications, websites, and other products relying on neural networks trained using MIT's dataset may therefore end up using these terms when analyzing photographs and camera footage.

The problematic training library in question is 80 Million Tiny Images, which was created in 2008 to help produce advanced object-detection techniques. It is, essentially, a huge collection of photos with labels describing what's in the pics, all of which can be fed into neural networks to teach them to associate patterns in photos with the descriptive labels. So when a trained neural network is shown a bike, it can accurately predict a bike is present in the snap. It's called Tiny Images because the pictures in the library are small enough for computer-vision algorithms in the late-2000s and early-2010s to digest. Today, the Tiny Images dataset is used to benchmark computer-vision algorithms along with the better-known ImageNet training collection. Unlike ImageNet, though, no one, until now, has scrutinized Tiny Images for problematic content.

Firefox

Firefox 78: Protections Dashboard, New Developer Features, and the End of the Line For Older MacOS Versions (theregister.com) 51

williamyf shares a report from The Register: Mozilla has released Firefox 78 with a new Protections Dashboard and a bunch of updates for web developers. This is also the last supported version of Firefox for macOS El Capitan (10.11) and earlier. Firefox is on a "rapid release plan," which means a new version every four to five weeks. This means that major new features should not be expected every time. That said, Firefox 78 is also an extended support release (ESR), which means users who stick with ESR get updates from this and the previous 10 releases. The main new user-facing feature in Firefox 78 is the Protections Dashboard, a screen which shows trackers and scripts blocked, a link to the settings, a link to Firefox Monitor for checking your email address against known data breaches, and a button for password management.

Developers get a bunch of new features. The Accessibility inspector is out of beta -- this is a tab in the developer tools that will check a page for accessibility issues when enabled. Source maps are a JavaScript feature that map minified code back to the original code to make debugging easier. Firefox has a Map option that lets you use source maps in the debugger, and this now works with logpoints, a type of breakpoint that writes a message to the console rather than pausing execution, so that you see the original variable names. Mozilla has also worked on debugging JavaScript promises, so you can see more detail when exceptions are thrown.

A big feature for debugging web applications when running on mobile is the ability to connect an Android phone with USB, and navigate and refresh mobile web pages from the desktop. Patience is required though, since this will only work with a forthcoming new version of Firefox for Android. Mozilla has been working on a new Regular Expression (RegExp) evaluator and this is included in SpiderMonkey (Mozilla's JavaScript engine) in Firefox 78. This brings the evaluator up to date with the requirements of ECMAScript 2018.

PlayStation (Games)

New Hack Runs Homebrew Code From DVD-R On Unmodified PlayStation 2 (arstechnica.com) 18

An anonymous reader quotes a report from Ars Technica: Nearly 20 years after its initial release, a hacker has found a way to run homebrew software on an unmodified PlayStation 2 using nothing but a carefully burned DVD-ROM. Previous efforts to hack the PS2 relied on internal modifications, external hardware (like pre-hacked memory cards and hard drives), or errors found only on very specific models of the system. The newly discovered FreeDVDBoot differs from this previous work by exploiting an error in the console's DVD video player to create a fully software-based method for running arbitrary code on the system.

Security researcher CTurt laid out the FreeDVDBoot discovery and method in detail in a blog post this weekend. By decrypting and analyzing the code used for the PS2's DVD player, CTurt found a function that expects a 16-bit string from a properly formatted DVD but will actually easily accept over 1.5 megabytes from a malicious source. Sending carefully formatted data to that function causes a buffer overflow that in turn triggers another badly written function to tell the system to jump to an area of memory with arbitrary, attacker-written code. That code can then tell the system to load an ELF file written to a burned DVD-R in the system. Building on previous PS2 homebrew efforts like uLaunchELF, it's relatively simple to use that DVD-R to load homebrew software or even full copies of otherwise copy-protected PS2 games. The exploit is currently limited to very specific versions of the PS2's DVD player firmware (as of press time, firmwares 3.10 and 3.11, when set to "English") found in later editions of the console and won't work in earlier systems. But CTurt writes that he's "confident that all other versions also contain these same trivial IFO parsing buffer overflows" and can be exploited with broadly similar methods. The possibility of similar hacks through the Blu-ray player on the PS3 and PS4 (or the CD player on the PS1) are also being examined by the community.

Oracle

Oracle Celebrates 'The 25 Greatest Java Apps Ever Written' (oracle.com) 121

Oracle's Java magazine is celebrating the 25th anniversary of the programming language with a list of the 25 greatest Java apps ever written: From space exploration to genomics, from reverse compilers to robotic controllers, Java is at the heart of today's world. Here are a few of the countless Java apps that stand out from the crowd.

The story of Java began in 1991, at a time when Sun Microsystems sought to extend their lead in the computer workstation market into the burgeoning personal electronics market. Little did anyone know that the programming language Sun was about to create would democratize computing, inspire a worldwide community, and become the platform for an enduring software development ecosystem of languages, runtime platforms, SDKs, open source projects, and lots and lots of tools. After a few years of secret development led by James Gosling, Sun released the landmark "write once, run anywhere" Java platform in 1995, refocusing it beyond its original design for interactive television to applications for the burgeoning World Wide Web. By the turn of the century, Java was animating everything from smartcards to space vehicles.

Today, millions of developers program in Java. Although Java continues to evolve at an ever-faster pace, on the occasion of the platform's 25th anniversary, Java Magazine decided to take a look back at how Java molded our planet. What follows is a list of the 25 most ingenious and influential Java apps ever written, from Wikipedia Search to the US National Security Agency's Ghidra. The scope of these applications runs the gamut: space exploration, video games, machine learning, genomics, automotive, cybersecurity, and more.

The list includes Eclipse, Minecraft, the Maestro Mars Rover controller, and "VisibleTesla," the open source app created by an automobile enthusiast to monitor and control his Tesla Model S.

Java

Jakarta EE 9 Specification Release 'Marks the Final Transition Away From javax Namespace' (adtmag.com) 13

An anonymous reader quotes ADTmag: The Eclipse Foundation this week announced Jakarta EE 9 Milestone 1, the final version of the enterprise Java specification before the first Release Candidate (RC). The Jakarta EE 9 release marks the final transition away from the javax.* namespace (which Oracle refused to give up) to Eclipse's jakarta.*. This release updates all the APIs to use jakarta.* in package names. In fact, Mike Milinkovich, executive director of the Eclipse Foundation, says that transition is really what this release is all about.

"The main purpose...is to provide a release that is very similar to Java EE 8," Milinkovich told ADTmag, "with everything converted to the jakarta.* namespace. We're providing a stable technical conversion platform, so all the tools and frameworks in the ecosystem that are using, say, javax.servlet, can make the change with confidence." Giving the ecosystem solid footing for the transition from the Java EE coffee cup to the Jakarta EE sailboat is the Foundation's way of setting the stage for rapid innovation, Milinkovich said, once the transition is largely complete.

"These technologies have been around for an awfully long time," he added, "and we had to provide folks with a stable platform for the conversion. At the same time, thanks to a contribution from IBM, we have the Eclipse Transformer Project, which is going to provide runtime enablement. If someone has an application they don't want to recompile, and that application is using the javax.* namespace, they will be able to run it on top of a Jakarta-compatible app server. That's going to provide binary compatibility for apps, going forward..."

Education

How Should High Schools Teach Computer Science? (acm.org) 151

A high school computer science teacher claims there's an "unacknowledged failure" of America's computer science (CS) classes at the high school and junior high school level. "Visit classrooms and you'll find students working with robotic sensors, writing games and animations in Scratch, interfacing with Arduino microcontrollers, constructing websites, and building apps with MIT App Inventor...

"Look underneath the celebratory and self-congratulatory remarks, however, and you'll find that, although contemporary secondary education is quite good at generating initial student interest, it has had much less success at sustaining that engagement beyond a few weeks or months, and has frankly been ineffectual in terms of (a) measurable learning for the majority of students; (b) boosting the number of students who take a second CS course, either in high school or college; and (c) adequately preparing students for CS college study."

Long-time Slashdot reader theodp writes: In "A New Pedagogy to Address the Unacknowledged Failure of American Secondary CS Education," high school computer science teacher Scott Portnoff argues that a big part of the problem is the survey nature of today's most popular high school CS course offerings — Exploring Computer Science (ECS) and AP Computer Science Principles (AP CSP) — both of whose foundational premise is that programming is just one of many CS topics. "Up until a decade ago," Portnoff explains, "introductory high school computer science classes were synonymous with programming instruction, period. No longer."

This new status quo in secondary CS education, Portnoff argues, resulted from baseless speculation that programming was what made Java-based AP CS A inaccessible, as opposed to, say, an uninspiring or pedagogically ineffective version of that particular curriculum, or a poorly prepared instructor. It's quite a departure from the 2011 CSTA K-12 Computer Science Standards, which made the case for the centrality of programming in CS education ("Pedagogically, computer programming has the same relation to studying computer science as playing an instrument does to studying music or painting does to studying art. In each case, even a small amount of hands-on experience adds immensely to life-long appreciation and understanding").

This teacher believes that programming languages are acquired rather than learned, just like any other human language — and concludes the solution is multi-year courses focused on one programming language until proficiency is fully acquired.

For this reason, for the last seven years he's also been making his students memorize small programs, and then type them out perfectly, arguing that "the brain subconsciously constructs an internal mental representation of the syntax rules implicitly by induction from the patterns in the data."

Businesses

AWS Launches 'Amazon Honeycode', a No-Code App Building Service (zdnet.com) 43

"Amazon Web Services on Wednesday launched Amazon Honeycode, a fully-managed service that enables companies to build mobile and web applications without any programming," reports ZDNet: Customers can use the service to build apps that leverage an AWS-built database, such as a simple task-tracking application or a more complex project management app to manage multiple workflows. "Customers have told us that the need for custom applications far outstrips the capacity of developers to create them," AWS VP Larry Augustin said in a statement.

Low-code and no-code tools have been growing in popularity in recent years, enabling people with little or no coding experience to be able to build the applications they need. Other major cloud companies like Salesforce offer low-code app builders. With IT teams stretched thin during the COVID-19 pandemic, low-code tools can prove particularly useful.

Customers "can get started by selecting a pre-built template, where the data model, business logic, and applications are pre-defined and ready-to-use..." Amazon explains in a press release. "Or, they can import data into a blank workbook, use the familiar spreadsheet interface to define the data model, and design the application screens with objects like lists, buttons, and input fields.

"Builders can also add automations to their applications to drive notifications, reminders, approvals, and other actions based on conditions. Once the application is built, customers simply click a button to share it with team members."

Programming

After 19 Years, Python May Finally Get a Pattern Matching Syntax (infoworld.com) 76

"A proposal under consideration by Python's development team would finally bring pattern matching statements to the language," reports InfoWorld: The creators of the Python language are mulling a new proposal, PEP 622, that would finally bring a pattern matching statement syntax to Python. The new pattern matching statements would give Python programmers more expressive ways of handling structured data, without having to resort to workarounds...

While Python has lacked a native syntax for pattern matching, it has been possible to emulate it with if/elif/else chains or a dictionary lookup. PEP 622 proposes a method for matching an expression against a number of kinds of patterns using a match/case syntax:

match something:
    case 0 | 1 | 2:
        print("Small number")
    case [] | [_]:
        print("A short sequence")
    case str() | bytes():
        print("Something string-like")
    case _:
        print("Something else")

Supported pattern match types include literals, names, constant values, sequences, a mapping (basically, the presence of a key-value pair in the expression), a class, a mixture of the above, or any of those plus conditional expressions. Any matches that are ambiguous or impossible to resolve will throw an exception at runtime... If an object implements the __match__ method, it can be used to test if it matches a given class pattern and return an appropriate response.

One of the authors of the new PEP was Python creator Guido van Rossum, according to the article -- and he'd drafted an earlier pattern matching proposal back in 2006 that was rejected (following the rejection of an earlier proposal in 2001).

The article also notes that many aspects of this PEP were inspired by the way pattern matching works in Rust and Scala.

Medicine

CA Governor Newsom Announces COVID-19 Modeling Website, Open-Source Tools For 'Citizen Scientists' (cbslocal.com) 89

Long-time Slashdot reader PCM2 shares a report from CBS News: Gov. Gavin Newsom on Thursday announced a new COVID-19 modeling website as well as new open-source tools designed to help California residents understand the data informing local health departments and empower what he called "citizen scientists." The governor introduced the new coronavirus modeling website [...] as a way for residents to see the raw data that is driving the decisions of state and county officials with full transparency.

The new website features three sections: a "Nowcast" section that provides the most current information on how fast COVID-19 is spreading in the state and by county; a "Forecasts" section that provides short-term COVID-19 forecasts in the state and by county; and a "Scenarios" section that projects the possible long-term impacts under different scenarios and responses to COVID-19, again for the whole state and by county.
"We want to open up our site to 'netizen-tists' ... of citizen-scientists, people that are out there doing coding every single day," said Newsom. "We want to give them access through an open-source platform to all of the available data that we have, that I have, that our health professionals have, in a way that we don't believe has been done before anywhere in the United States. This is a deep dive for transparency and openness. This is a new resource that we are making available today."

The Almighty Buck

Hey Email App Open To All After Apple 'Definitively' Approves It (engadget.com) 30

Basecamp's Hey email app is now open to everyone after Apple "definitively approved" it for the App Store. No invite code is required for users to sign up. Engadget reports: Basecamp CTO and co-founder David Heinemeier Hansson tweeted the news today. Hey will not include any in-app purchases (IAP), so Apple will not get its standard 30 percent commission. At first, Apple objected to the fact that users would download the app from the App Store but have to sign up via the web. Apple's policies require that developers use IAP to unlock paid features or functionality in an app. Hey managed to skirt around those rules by offering a free trial option.

Hey is now open to everyone, and it does not require an invite code. The app promises a more organized approach to email, for $99 per year. But perhaps more importantly, Hey is an example of how developers can avoid paying Apple 30 percent of IAP and subscription fees. "Hopefully this paves an illuminated path for approval for other multi-platform SAAS applications as well. There are still a litany of antitrust questions to answer, but things legitimately got a little better. New policies, new precedence. Apple took a great step forward," Hansson tweeted.

Programming

Michael Hawley, Programmer, Professor and Pianist, Dies at 58 (nytimes.com) 17

Michael Hawley, a computer programmer, professor, musician, speechwriter and impresario who helped lay the intellectual groundwork for what is now called the Internet of Things, died on Wednesday at his home in Cambridge, Mass. He was 58. From a report: The cause was colon cancer, said his father, George Hawley. Mr. Hawley began his career as a video game programmer at Lucasfilm, the company created by the "Star Wars" director George Lucas. He spent his last 15 years curating the Entertainment Gathering, or EG, a conference dedicated to new ideas. In between, he worked at NeXT, the influential computer company founded by Steve Jobs after he left Apple in the mid-1980s, and spent nine years as a professor at the Massachusetts Institute of Technology Media Lab, a seminal effort to push science and technology into art and other disciplines. He was known as a scholar whose ideas, skills and friendships spanned an unusually wide range of fields, from mountain climbing to watchmaking. Mr. Hawley lived with both Mr. Jobs and the artificial intelligence pioneer Marvin Minsky, published the world's largest book, won first prize in an international competition of amateur pianists, played alongside the cellist Yo-Yo Ma at the wedding of the celebrity scientist Bill Nye, joined one of the first scientific expeditions to Mount Everest, and wrote commencement speeches for both Mr. Jobs and the Google co-founder Larry Page.

Two of Mr. Hawley's Media Lab projects -- Things That Think and Toys of Tomorrow -- anticipated the Internet of Things movement, which aims to weave digital technology into everything from cars to televisions to home lighting systems. Led by companies like Amazon, Google, Intel and Microsoft, the movement is now a $248 billion market, according to the market research firm Statista. Mr. Hawley developed "a pattern of ideas that emerged long before the Internet of Things," Nicholas Negroponte, founder of the Media Lab, said in an email. "I would call that pattern not artificial intelligence, but intelligence in the artificial," he wrote. Mark Seiden, an independent computer security consultant who met Mr. Hawley in the early 1980s when they were both working at IRCAM, a music lab in Paris, and eventually hired him at Lucasfilm, compared Mr. Hawley's exploits to those of George Plimpton, the writer whose participatory kind of journalism had him masquerading as a boxer, a professional football player, a circus performer and a stand-up comedian.

Perl

Perl 7 Announced As Evolving Perl 5 With Modern Defaults (phoronix.com) 86

Taking place this week is the virtual Perl + Raku "Conference in the Cloud" as a result of the COVID-19 pandemic causing the event to go virtual. A big announcement out of it is Perl 7. From a report: Perl 7 basically amounts to Perl 5 with more modern defaults and foregoing some of the extensive backward compatibility support found with Perl 5. News of Perl 7 comes a few days after the release of Perl 5.32. Perl 7 succeeds Perl 5 due to the Perl 6 initiative previously for what is now known as the Raku programming language. So to avoid confusion, similar to the PHP 6 debacle, Perl 7 is the next version. For the most part though Perl 7 is close to Perl 5.32 with changed defaults and is more forward looking with less commitment to backward compatibility support.

Businesses

Apple's Major Leap Is Unification and More Lock-In, Not Big New Features (bloomberg.com) 152

Apple's Worldwide Developers Conference this week didn't bring any particularly revolutionary new feature, but it did something perhaps more important for Apple's long-term strategy. The latest updates will unify the company's devices and give customers more reasons to stay within its product ecosystem. From a report: From an average user's standpoint, the updates to iOS and iPadOS were underwhelming and minor, aside from widgets (which Android has had for years). Siri's interface changes were impressive, but there wasn't much discussion of a needed under-the-hood revamp, and the Watch update was incremental, other than sleep tracking. The company didn't let these products languish, but Apple's engineers essentially did just enough. The really impressive achievements came in getting the products to work together, plus sweeping improvements to the Mac.

The biggest news of the conference was that Apple-made chips will replace those from Intel in Mac computers. Besides higher speeds and longer battery life, the change customers will notice first is that Mac computers will work more like an iPhone or an iPad, and will have the ability to run the same apps on the new macOS Big Sur operating system. Soon, someone will be able to buy an iPhone app and run it across Apple's major platforms: the Mac, the iPhone, the iPad, and in some cases a variant of it on the Apple Watch and Apple TV. The company also moved toward increased unification by bringing over glance-able information (widgets) from the Apple Watch to its larger devices, and by more deeply integrating its smart home features across products. For example, a HomePod speaker can now be a doorbell and an Apple TV can be a door camera viewer. All of this may drive existing customers to buy additional Apple products, knowing that they'll work together seamlessly. The strategy could boost Apple's sales in the long-term and, just as importantly, make it more difficult for a user to leave behind a device, which could blow a hole in their network of Apple products.

Databases

Appeals Court Says California's IMDb-Targeting 'Ageism' Law Is Unconstitutional (techdirt.com) 140

The state of California has lost again in its attempt to punish IMDb for ageism perpetrated by movie studios who seem to refuse to cast actresses above a certain age in choice roles. Techdirt reports: The law passed by the California legislature does one thing: prevents IMDb (and other sites, theoretically) from publishing facts about actors: namely, their ages. This stupid law was ushered into existence by none other than the Screen Actors Guild, capitalizing on a (failed) lawsuit brought against the website by an actress who claimed the publication of her real age cost her millions in Hollywood paychecks. These beneficiaries of the First Amendment decided there was just too much First Amendment in California. To protect actors from studio execs, SAG decided to go after a third-party site respected for its collection of factual information about movies, actors, and everything else film-related.

The federal court handling IMDb's lawsuit against the state made quick work of the state's arguments in favor of very selective censorship. In only six pages, the court destroyed the rationale offered by the government's finest legal minds. [...] Even if the law had somehow survived a First Amendment challenge, it still wouldn't have prevented studios from engaging in discriminatory hiring practices. If this was really the state's concerns, it would have stepped up its regulation of the entertainment industry, rather than a single site that was unsuccessfully sued by an actress, who speculated IMDb's publication of her age was the reason she wasn't landing the roles she wanted.
